56 Chapter 3 · An Introduction To Cryptography

The algorithm used to generate and verify the MAC is based on the DES. A keyed Hash Message Authentication Code (HMAC) extends the MAC function by using a cryptographic hash function together with a secret key to derive the message authentication code. Typically, the MD5 and SHA-1 cryptographic hash functions are used to calculate the HMAC value. The name of the cryptographic hash used in creating the HMAC is appended to indicate the algorithm (e.g., HMAC-MD5 and HMAC-SHA1).

Digital Signatures

A digital signature is a means of verifying the authenticity and integrity of a message. This is achieved by using public key cryptography techniques combined with cryptographic hash functions. Combined with trusted time-stamping mechanisms, the digital signature can also be used to provide non-repudiation functions.

The digital signature process begins with creating a cryptographic hash of the message. This hash value is also known as a "digital fingerprint" and is a unique value. The digital fingerprint is then encrypted with the sender's private key, and the resulting value is appended to the message. This message is then sent to the recipient.

When the message arrives, the recipient decrypts the digital fingerprint appended to the message, creates a digital fingerprint of the message itself, and compares the two. If they match, the integrity of the message is intact and the authentication of the sender is established. Please see Figure 3.6.